• AmbiguousProps@lemmy.today
    link
    fedilink
    English
    arrow-up
    23
    ·
    edit-2
    1 month ago

    Define “military grade”, because that usually means that it’s actually the lowest grade.

    Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms – all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES)

    Ah, so they didn’t actually get close to cracking AES, they just want to scare people into thinking that they did. I’m not exactly sure what the headline means by “hack” here.

    • asmoranomar@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 month ago

      There’s also no such thing as “Military Grade” Encryption. The government as a whole, as directed by NSA, uses the same encryption technology. If anything, one of the defining techniques is how said technology is implemented as a process. That means less about the algorithm and more about the hardware and handling. For example, when dealing with classified networking, one of the key differences is using dedicated hardware. These aren’t PC’s that can be hacked, they are devices whose specific role is to handle encryption, key loading, or key acquisition. They are hardened to prevent emissions from leaking and will dump keys, firmware, memory if tampered with. End devices can only accept keys with no way to retrieve them for reuse.

      Advertisers that claim they are offering you “Military Grade” encryption just do regular NSA encryption methods in software, with no hardware component, and no handling process. Which would never be used in the military to secure classified data.

      Also, most encryption used in these devices don’t use one key, they use key generators. Each device talking to another generates a unique, temporary session key. These session keys do not last long, so if any one key is compromised it limits any potential unauthorized disclosures. Capturing encrypted data for later cracking would prove to be a time and resource exhausted process that would provide too little information, too late. At this point it would be easier to actually try to steal the keys and hardware, rather than crack them.